.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
 
Sign In
Register
 
Win Surprise Gifts!!!
Congratulations!!!


Top 5 Contributors of the Month
david stephan

Home >> Code Snippets >> Encryption & Decryption >> Post New Resource Bookmark and Share   

 Subscribe to Code Snippets

QueryString Encryption in ASP.NET

Posted By:Athira Sreejith       Posted Date: March 19, 2009    Points: 10    Category: Encryption & Decryption    URL: http://www.dotnetspark.com  
 

This C# example show encryption and decryption of Querystring in Asp.Net using C#

#region Using

using System;

using System.IO;

using System.Web;

using System.Text;

using System.Security.Cryptography;

#endregion

///

/// Summary description for QueryStringModule

///

public class QueryStringModule : IHttpModule

{

#region IHttpModule Members

public void Dispose()

{

// Nothing to dispose

}

public void Init(HttpApplication context)

{

context.BeginRequest += new EventHandler(context_BeginRequest);

}

#endregion

private const string PARAMETER_NAME = "enc=";

private const string ENCRYPTION_KEY = "key";

void context_BeginRequest(object sender, EventArgs e)

{

HttpContext context = HttpContext.Current;

if (context.Request.Url.OriginalString.Contains("aspx") && context.Request.RawUrl.Contains("?"))

{

string query = ExtractQuery(context.Request.RawUrl);

string path = GetVirtualPath();

if (query.StartsWith(PARAMETER_NAME, StringComparison.OrdinalIgnoreCase))

{

// Decrypts the query string and rewrites the path.

string rawQuery = query.Replace(PARAMETER_NAME, string.Empty);

string decryptedQuery = Decrypt(rawQuery);

context.RewritePath(path, string.Empty, decryptedQuery);

}

else if (context.Request.HttpMethod == "GET")

{

// Encrypt the query string and redirects to the encrypted URL.

// Remove if you don't want all query strings to be encrypted automatically.

string encryptedQuery = Encrypt(query);

context.Response.Redirect(path + encryptedQuery);

}

}

}

///

/// Parses the current URL and extracts the virtual path without query string.

///

/// The virtual path of the current URL.

private static string GetVirtualPath()

{

string path = HttpContext.Current.Request.RawUrl;

path = path.Substring(0, path.IndexOf("?"));

path = path.Substring(path.LastIndexOf("/") + 1);

return path;

}

///

/// Parses a URL and returns the query string.

///

/// The URL to parse.

/// The query string without the question mark.

private static string ExtractQuery(string url)

{

int index = url.IndexOf("?") + 1;

return url.Substring(index);

}

#region Encryption/decryption

///

/// The salt value used to strengthen the encryption.

///

private readonly static byte[] SALT = Encoding.ASCII.GetBytes(ENCRYPTION_KEY.Length.ToString());

///

/// Encrypts any string using the Rijndael algorithm.

///

/// The string to encrypt.

/// A Base64 encrypted string.

public static string Encrypt(string inputText)

{

RijndaelManaged rijndaelCipher = new RijndaelManaged();

byte[] plainText = Encoding.Unicode.GetBytes(inputText);

PasswordDeriveBytes SecretKey = new PasswordDeriveBytes(ENCRYPTION_KEY, SALT);

using (ICryptoTransform encryptor = rijndaelCipher.CreateEncryptor(SecretKey.GetBytes(32), SecretKey.GetBytes(16)))

{

using (MemoryStream memoryStream = new MemoryStream())

{

using (CryptoStream cryptoStream = new CryptoStream(memoryStream, encryptor, CryptoStreamMode.Write))

{

cryptoStream.Write(plainText, 0, plainText.Length);

cryptoStream.FlushFinalBlock();

return "?" + PARAMETER_NAME + Convert.ToBase64String(memoryStream.ToArray());

}

}

}

}

///

/// Decrypts a previously encrypted string.

///

/// The encrypted string to decrypt.

/// A decrypted string.

public static string Decrypt(string inputText)

{

RijndaelManaged rijndaelCipher = new RijndaelManaged();

byte[] encryptedData = Convert.FromBase64String(inputText);

PasswordDeriveBytes secretKey = new PasswordDeriveBytes(ENCRYPTION_KEY, SALT);

using (ICryptoTransform decryptor = rijndaelCipher.CreateDecryptor(secretKey.GetBytes(32), secretKey.GetBytes(16)))

{

using (MemoryStream memoryStream = new MemoryStream(encryptedData))

{

using (CryptoStream cryptoStream = new CryptoStream(memoryStream, decryptor, CryptoStreamMode.Read))

{

byte[] plainText = new byte[encryptedData.Length];

int decryptedCount = cryptoStream.Read(plainText, 0, plainText.Length);

return Encoding.Unicode.GetString(plainText, 0, decryptedCount);

}

}

}

}

#endregion

}



     

Further Readings:

Responses
Author: Vishal         Company URL: http://www.dotnetspark.com
Posted Date: April 04, 2011

Hello Its a very nice post.
It is very help full to me but there is one problem whenever the postback occurs, normal url is displays rather than Encrypted url.

Thanks.

Post Comment

You must Sign In To post reply
Find More code samples in C#, ASP.Net, Vb.Net and more Here

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend